Job Description
We are looking for an experienced security professional for our 24×7 managed security operations center to work as a Service Delivery Manager.
Responsibilities
• Vulnerability/Patch management experience
• Detailed involvement with security incidents
• Experience in the development and implementation of an SDLC or Penetration Testing program
• Understand regulations and governmental initiatives impacting the technology environment and systems, work with appropriate teams to ensure proper understanding of potential gaps, and propose strategic but practical response policies, plans, and projects
• Develop, oversee, and drive the execution of remediation and corrective action plans for the department as they pertain to information and technology risk management issues.
• Assist with development of annual and monthly budget development and monitoring
• Perform threats and vulnerability assessment and provide subject matter expertise on appropriate threats mitigation
• Work to prioritize security initiatives and spending considering needs in the light of evolving cyber threats
• Identify appropriate goals, objectives and metrics consistent with corporate strategic plan. Manage the development and implementation of global security policy, standards, procedures and work instructions to ensure ongoing maintenance of security
• Oversee key IS defense elements including network security architecture, network access and monitoring policies
• Oversee execution of approved information security project plans and provide regular status reporting on progress of such projects
• Contribute to the identification and development of enterprise-wide security requirements based on industry experience and best practices
• Develop appropriate metrics (key risk and performance indicators) to measure the IS program and related process
• Provide security consulting to technology, operations and business on an ongoing basis
• Subject matter expert in software / application security (including understanding of OWASP top 10, static/dynamic code analysis)
Subject matter expert in Vulnerability Management and Incident Response Process and related forensics requirements
Education Requirements & Experience
• Education: MS in IT/ BE/ B. Tech
• Bachelor’s degree in engineering, computer science, or a related field with minimum of 10 years of experience
• Certified Information System Security Professional (CISSP) or Certified Information Security Manager (CISM) certification preferred; Knowledge of SIEM, IPS/IDS, VPN, Vulnerability Scanner, Active Directory, Malware Analysis, Penetration Testing, UNIX/Linux, Incident Response, Firewalls and APT Methodologies
• Membership with FS-ISAC, US-CERT and other relevant technological knowledge sharing forums
• Knowledge of ISO27001/ISO31000, NIST 800-53 and similar standards is preferred
• Minimum 8 – 10 years’ experience in IT security industry
• Prior information security and risk management experience, preferably with experience in secure applications development or incident response and forensics
• Project Management experience
• Experience in a combination of business analysis, systems, business continuity planning and financial services
• Broad IT knowledge specifically in areas of information security, risk management and IT audit
• Strong communication and negotiation skills
• Strong analytical and problem-solving skills
• Ability to work with all levels within the organization
